I'm clueless.

Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Want a New HP LaserJet MFP? Trade in your old printer and receive $1,000 in savings!
Trade in your old printer and receive up to $1,000 in saving on a new HP LaserJet Multifunction Printer. Click here for savings!

BleepingComputer.com > Security > Virus, Trojan, Spyware, and Malware Removal Logs

Forum Guidelines

Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

DO NOT RUN ComboFix unless requested to.

Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

I'm clueless.

Options

joyxbabe View Member Profile	Dec 30 2009, 02:54 AM Post #1
New Member Group: Members Posts: 7 Joined: 30-December 09 Member No.: 426,051	I have the Vimaxx malware that makes all of my ads into a male enhancement ad. Please help. Also, whenever I try to click on the links from Google, it goes to some random website. Ugh. This post has been edited by joyxbabe: Dec 30 2009, 02:58 AM Attached File(s) hijackthis.txt ( 13.51k ) Number of downloads: 4

Blind Faith View Member Profile	Jan 9 2010, 07:45 AM Post #2
Bleeping Cookie Group: Malware Study Hall Senior Posts: 1,873 Joined: 15-October 08 From: I don't know. Member No.: 246,867	Hello and welcome to Bleeping Computer! We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far. Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware. If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread. Thanks and again sorry for the delay. We need to see some information about what is happening in your machine. Please perform the following scan: Download DDS by sUBs from one of the following links. Save it to your desktop. DDS.scr DDS.pif Double click on the DDS icon, allow it to run. A small box will open, with an explaination about the tool. No input is needed, the scan is running. Notepad will open with the results. Follow the instructions that pop up for posting the results. Close the program window, and delete the program from your desktop. Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE Elle -------------------- Can you hear it?It's all around! Tomar ki manè acchè? Yadi thakè, tahalè Ki kshama kartè paro? If I haven't replied in 48 hours, please feel free to send me a PM. Member of the *Bleeping Computer* A.I.I. early response team!

joyxbabe View Member Profile	Jan 9 2010, 08:00 AM Post #3
New Member Group: Members Posts: 7 Joined: 30-December 09 Member No.: 426,051	Vimax Ads are EVERYWHERE. And I'm having problems with google redirect as well. I've tried everything, with no luck. Thanks in advance. DDS (Ver_09-12-01.01) - NTFSx86 Run by Heather at 6:58:04.89 on Sat 01/09/2010 Internet Explorer: 8.0.6001.18702 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3032.2044 [GMT -6:00] AV: avast! antivirus 4.8.1368 [VPS 100108-1] On-access scanning enabled (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.EXE C:\Program Files\DellTPad\Apoint.exe C:\Program Files\IDT\WDM\sttray.exe C:\WINDOWS\system32\AESTFltr.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\WLTRAY.exe C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe C:\Program Files\DellTPad\ApMsgFwd.exe C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe C:\Program Files\Lexmark 3600-4600 Series\ezprint.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\iTunes\iTunesHelper.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\DellTPad\Apntex.exe C:\Program Files\DellTPad\HidFind.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe C:\WINDOWS\system32\rundll32.exe c:\drivers\audio\r215959\STacSV.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe svchost.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\lxdxcoms.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\Program Files\Dell Support Center\bin\sprtsvc.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\SearchIndexer.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\iPod\bin\iPodService.exe C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Microsoft Office\Office12\EXCEL.EXE C:\Program Files\Microsoft Office\Office12\WINWORD.EXE C:\Program Files\Microsoft Office\Office12\EXCEL.EXE C:\WINDOWS\system32\SearchProtocolHost.exe C:\Documents and Settings\Heather\My Documents\Downloads\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.ask.com?o=15367&l=dis uSearch Page = hxxp://www.google.com uSearch Bar = hxxp://www.google.com/ie uDefault_Search_URL = hxxp://www.google.com/ie uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background mRun: [Apoint] c:\program files\delltpad\Apoint.exe mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg mRun: [IgfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe mRun: [Dell DataSafe Online] "c:\program files\dell datasafe online\DataSafeOnline.exe" /m mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe" mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell2.exe" /mode2 mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter mRun: [lxdxmon.exe] "c:\program files\lexmark 3600-4600 series\lxdxmon.exe" mRun: [EzPrint] "c:\program files\lexmark 3600-4600 series\ezprint.exe" mRun: [<NO NAME>] mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe" mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\deskto~1.lnk - c:\program files\research in motion\blackberry\DesktopMgr.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\1.0.150\SSScheduler.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe uPolicies-system: NoDispBackgroundPage = uPolicies-system: NoDispSettingsPage = uPolicies-system: NoDispAppearancePage = mPolicies-system: EnableLUA = 0 (0x0) IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll Notify: igfxcui - igfxdev.dll SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\heather\applic~1\mozilla\firefox\profiles\tw96n5fk.default\ FF - prefs.js: browser.search.selectedEngine - Ask.com FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com?o=15367&l=dis FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=GAM&o=15364&locale=en_US&q= FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\picasa3\npPicasa3.dll FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll FF - plugin: c:\program files\mozilla firefox\plugins\npclntax_HotbarSA.dll FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll ---- FIREFOX POLICIES ---- FF - user.js: yahoo.ytff.general.dontshowhpoffer - truec:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); ============= SERVICES / DRIVERS =============== R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-12-29 114768] R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-9-13 214664] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-12-29 20560] R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-12-29 138680] R2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe -service --> c:\windows\system32\lxdxcoms.exe -service [?] R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc --> RUNDLL32.EXE ykx32coinst,serviceStartProc [?] R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009-9-13 113024] R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-12-29 254040] R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-12-29 352920] R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2009-9-13 144128] R3 OA009Afx;Provides a software interface to control audio effects of OA009 camera.;c:\windows\system32\drivers\OA009Afx.sys [2009-9-13 148056] R3 OA009Ufd;Creative Camera OA009 Upper Filter Driver;c:\windows\system32\drivers\OA009Ufd.sys [2009-9-13 144544] R3 OA009Vid;Creative Camera OA009 Function Driver;c:\windows\system32\drivers\OA009Vid.sys [2009-9-13 268992] R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [2009-9-13 160256] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-10-16 133104] S2 lxdxCATSCustConnectService;lxdxCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdxserv.exe [2009-10-4 98984] S2 Seekdns Service;Seekdns Service;c:\documents and settings\all users\application data\seekdns\seekdns129.exe [2010-1-1 58720] S3 AMBFilt;Creative AMB Service;c:\windows\system32\drivers\AMBFilt.sys [2009-9-13 1656960] S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-9-13 79816] S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-9-13 35272] S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-9-13 34248] S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-9-13 40552] =============== Created Last 30 ================ 2010-01-07 05:16:27 0 d-----w- c:\program files\Ask.com 2009-12-31 23:42:16 0 ----a-w- C:\backup.reg 2009-12-31 06:05:50 0 d-----w- C:\32788R22FWJFW.0.tmp 2009-12-31 05:16:24 0 d-sha-r- C:\autorun.inf 2009-12-30 07:37:36 0 d-----w- c:\program files\TrendMicro 2009-12-30 03:57:10 0 d-----w- c:\program files\Crawler 2009-12-30 02:21:43 0 d-----w- c:\docume~1\heather\applic~1\Malwarebytes 2009-12-30 02:21:37 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-12-30 02:21:36 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes 2009-12-30 02:21:35 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-12-30 02:21:35 0 d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-12-30 02:00:02 0 d-----w- c:\windows\system32\appmgmt 2009-12-25 04:09:11 31744 -c--a-w- c:\windows\system32\dllcache\wceusbsh.sys 2009-12-25 04:09:11 31744 ----a-w- c:\windows\system32\drivers\wceusbsh.sys 2009-12-20 00:47:50 118 ----a-w- c:\windows\system32\MRT.INI 2009-12-17 23:30:30 0 d-----w- c:\program files\SB 2009-12-17 17:36:58 0 d-----w- c:\program files\Yahoo! 2009-12-17 02:40:44 0 d-----w- c:\program files\Seekdns 2009-12-17 02:40:44 0 d-----w- c:\docume~1\alluse~1\applic~1\Seekdns 2009-12-14 19:15:14 2146304 ----a-w- c:\windows\system32\GPhotos.scr 2009-12-13 14:47:57 664 ----a-w- c:\windows\system32\d3d9caps.dat 2009-12-13 05:05:49 132096 --sha-r- c:\windows\system32\licdllh.dll 2009-12-11 12:31:04 606208 ----a-w- c:\docume~1\heather\applic~1\DataSafeDotNet.exe ==================== Find3M ==================== 2009-10-29 07:45:38 916480 ----a-w- c:\windows\system32\wininet.dll 2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll 2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll 2009-10-15 07:49:55 38332 ---ha-w- c:\windows\system32\mlfcache.dat 2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll 2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll 2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll 2009-09-13 15:09:43 75 --sh--r- c:\windows\CT4CET.bin ============= FINISH: 6:58:24.71 =============== Attached File(s) Attach.txt ( 13.72k ) Number of downloads: 0

sundavis View Member Profile	Jan 9 2010, 10:11 AM Post #4
Forum Addict Group: Malware Response Team Posts: 2,095 Joined: 11-August 07 Member No.: 149,370	Hi joyxbabe, Welcome to BleepingComputer HijackThis Logs and Malware Removal, My name is sundavis, I will be helping you to deal with your Malware problems today. I notice there is an unwanted program installed in your system. This unwanted program is sometimes malware related or potential hazard to your security. You're well advised to remove it. Go to start > control panel > Add/Remove Programs. Locate the following program: Ask Toolbar and select Remove. After that, please remove the following folder and reboot your PC. C:\program files\Ask.com Step1 Please download Flash_Disinfector and save it to your desktop. Double click to run it. You will be prompted to plug in your flash drive. Remember to plug in the flash drive to disinfect as well. Flash_Disinfector will start disinfecting your flash and hard drives. This takes a few seconds. Your desktop will disappear in the meantime. When done, a message box will appear. Click OK. Your desktop should now appear. If it doesn't, press Ctrl + Shift + Esc to open Task Manager. Click on File > New Task (Run...). Type in explorer.exe and press Enter. Your desktop should now appear. Step2 Please download GMER Rootkit Scanner from Here or Here. Extract the contents of the zipped file to desktop. Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent . If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO. In the right panel, you will see several boxes that have been checked. Uncheck the following ... Sections IAT/EAT Drives/Partition other than Systemdrive (typically C:\) Show All (don't miss this one) Then click the Scan button & wait for it to finish. For more info, go to Here for your reference. Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" , and copy and paste the contents in your next reply. Caution Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries Step3 We need to create an OTL Report Please OTL from one of the following mirrors: This is THE Mirror Save it to your desktop. Double click on the OTL icon on your desktop. Click the "Scan All Users" checkbox. . Push the Run Scan button. Two reports will open, copy and paste them in a reply here: OTListIt.txt <-- Will be opened Extra.txt <-- Will be minimized In your next reply, please post back: 1.Gmer log 2.OTListIt.txt and Extra.txt Thanks.

sundavis View Member Profile	Jan 10 2010, 07:25 PM Post #6
Forum Addict Group: Malware Response Team Posts: 2,095 Joined: 11-August 07 Member No.: 149,370	Hi joyxbabe, Step1 If you already have Combofix, please delete that copy and download it again as it's being updated regularly. Please visit this webpage for download links, and instructions for running the tool: http://www.bleepingcomputer.com/combofix/how-to-use-combofix Note: CombFix has recently been updated to include the option for installing the Recovery Console automatically. The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time. Close/disable all antivirus and antimalware programs so they do not interfere with the running of ComboFix. Click Yes to allow Combofix to continue scanning for malware. When done, a log will be produced (or locate it in C:\ComboFix.txt). Please post that log in your next reply. Do not mouse click on Combofix while it is running. That may cause it to stall. Step2 I notice you have MBAM installed in your system, Please rerun it as instructed in the following. Update your virus definitions before proceeding. If you can't update the program, you can download the virus definitions from Here and install manually. Double Click mbam-setup.exe to install the application. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. If an update is found, it will download and install the latest version. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish,so please be patient. When the scan is complete, click OK, then Show Results to view the results. Make sure that everything is checked, and click Remove Selected. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.or you can find from here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt You can refer to this tutorial Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately. In your next reply, please post back: 1.ComboFix log 2.MBAM log Tell me if you have any remaining issues on your pc. Thanks

joyxbabe View Member Profile	Jan 10 2010, 08:00 PM Post #7
New Member Group: Members Posts: 7 Joined: 30-December 09 Member No.: 426,051	I can't get combofix to work. A little box pops up, and it looks like its loading... but then it just sits there for a few minutes and closes on its own. All my antivirus/malware is turned off, so I'm not sure what it is.

sundavis View Member Profile	Jan 10 2010, 08:04 PM Post #8
Forum Addict Group: Malware Response Team Posts: 2,095 Joined: 11-August 07 Member No.: 149,370	Hi joyxbabe, Click Start button > Select Run > copy/paste the following bolded command into the run box & click OK. "%userprofile%\desktop\combofix.exe" /killall If still not working, please go to Safe Mode and run it.

joyxbabe View Member Profile	Jan 10 2010, 09:00 PM Post #10
New Member Group: Members Posts: 7 Joined: 30-December 09 Member No.: 426,051	yay it worked! thank you so much for your help!

sundavis View Member Profile	Jan 10 2010, 09:14 PM Post #11
Forum Addict Group: Malware Response Team Posts: 2,095 Joined: 11-August 07 Member No.: 149,370	Hi joyxbabe, QUOTE yay it worked! That sounds good. The culprit is gone, but we need to do the final check with Kas Online Scanner. It will take some time to run the full course. Please be patient and do the following: Step1 Older versions Java have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update: Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop. Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 17...allows end-users to run Java applications". Click the "Download" button to the right. Select your Platform: "Windows". Select your Language: "Multi-language". Read the License Agreement, and then check the box that says: "Accept License Agreement". Click Continue and the page will refresh. Click on the link to download Windows Offline Installation and save the file to your desktop. Close any programs you may have running - especially your web browser. Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java. Check (highlight) the following Java Runtime Environment (JRE or J2SE) in the name, and the following update: Java™ 6 Update 13 Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java versions. Reboot your computer once all Java components are removed. Then from your desktop double-click on jre-6u17-windows-i586-p.exe to install the newest version. After that, please clear your java cache as instructed in this thread . Step2 Let's clean some temp files. Please do the following: Please download ATF Cleaner by Atribune. Double-click ATF-Cleaner.exe to run the program. Under Main "Select Files to Delete" choose: Select All. Click the Empty Selected button. If you use Firefox browser Click Firefox at the top and choose: Select All Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt. If you use Opera browser Click Opera at the top and choose: Select All Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt. Click Exit on the Main menu to close the program. Step3 Please perform an online scan with Firefox or Internet Explorer at Kaspersky Online Scanner. Please go to Kaspersky Online Scanner and perform an online antivirus scan. Click Accept button on the "Requirements and limitations". When Java warning " The applcation digital signature has been verified. Do you want to run the application " appears, Click on "Run" button. It will be Downloading and installing the program and Updating the database. When Updating the database have finished, click on Settings. Make sure all boxes are checked. then click on the Save button. Click on My Computer under Scan menu. It will start scanning, so be patient and let it run. Once the scan is completed, Click on View Scan Report. You may see a list of infected items over there. Click on Save Report As. Click "Desktop" , Name the file as "KAS", Change the Files of type to Text file (.txt) and Click on Save button. Please post the contents in your next reply. You can refer to this animation Note for Internet Explorer 8 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%. Please post back the logs in your next reply. 1.Kas Online Scan Report Thanks

joyxbabe View Member Profile	Jan 11 2010, 12:33 AM Post #12
New Member Group: Members Posts: 7 Joined: 30-December 09 Member No.: 426,051	How's it look, doc? -------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7.0: scan report Sunday, January 10, 2010 Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600) Kaspersky Online Scanner version: 7.0.26.13 Last database update: Monday, January 11, 2010 03:42:37 Records in database: 3297499 -------------------------------------------------------------------------------- Scan settings: scan using the following database: extended Scan archives: yes Scan e-mail databases: yes Scan area - My Computer: C:\ D:\ Scan statistics: Objects scanned: 55727 Threats found: 0 Infected objects found: 0 Suspicious objects found: 0 Scan duration: 00:58:10 No threats found. Scanned area is clean. Selected area has been scanned.

sundavis View Member Profile	Jan 11 2010, 10:40 AM Post #13
Forum Addict Group: Malware Response Team Posts: 2,095 Joined: 11-August 07 Member No.: 149,370	Hi joyxbabe, Your system appears to be clean now. If you have no remaining concerns on your pc, let's do some tidy up and we can send you on your way. Step1 Click START then RUN Now copy/paste ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /Uninstall, it needs to be there. This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again. Step2 Start OTL from your desktop. Double click OTL and let it run Then Click the Cleanup button. You will get a prompt saying "Being Cleanup Process". Please select Yes. Restart your computer when prompted. Now that your system is clean, kindly follow these simple steps in order to keep your computer clean and secure: Update your antivirus programs Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system. You can use one of these sites to check if any updates are needed for your pc. Secunia Software Inspector F-secure Health Check Update all programs regularly - Make sure you update all the programs regularly. Without regular updates you WILL NOT be protected when new malicious programs are released. Backup your valid registry -ERUNT (Emergency Recovery Utility NT) allows you to store a complete backup of your registry and restore if needed. Due to malware affects, a corrupt registry can prevent a system from booting. You're well advised to backup your valid registry while the system is clean now. For more info: Here and Here . Please check out Tony Klein's article "How did I get infected in the first place?" Read some information Here how to prevent Malware. Glad to be of help. Safe surfing!!

sundavis View Member Profile	Jan 17 2010, 02:09 AM Post #14
Forum Addict Group: Malware Response Team Posts: 2,095 Joined: 11-August 07 Member No.: 149,370	Since this issue appears resolved ... this Topic is closed. Glad we could help. Everyone else please begin a New Topic.

« Next Oldest · Virus, Trojan, Spyware, and Malware Removal Logs · Next Newest »

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Display Mode: Standard · Switch to: Linear+ · Switch to: Outline

Track this topic · Email this topic · Print this topic · Subscribe to this forum

Lo-Fi Version

Time is now: 6th September 2010 - 03:40 AM

Advertise \| About Us \| Terms of Use \| Privacy Policy \| Contact Us \| Site Map \| Chat \| Tutorials \| Uninstall List
Discussion Forums \| The Computer Glossary \| Resources \| RSS Feeds \| Startups \| The File Database \| Virus Removal Guides